I am looking for a training class or conference to go to by the end of year for web application security training. We do mainly ASP.NET development so something specific to .NET would be nice but a general security best practices class would work. The location would need to be somewhere in the US, south central US if possible. Anyone have any suggestions. I tried googling around and couldn't find much that fit my criteria so I thought I would try crowd sourcing an answer here.
Thanks...
Here's a few options:
Cigital is a great enterprise vendor. They come to you and will customize training for your particular shop. They're the high end option.
Security University offers a set of training packages. They're comprehensive but not custom. Sondra, the CEO, is one of the nicest people you'll meet in the industry.
SANS offers conference-like training options, where you go to them and sit in on several day's worth of training.
Aspect Security offers a smaller set of 3 day, conference like training options. Never dealt with them, but they make the rounds at conferences.
BlackHat, the conference, offers training sessions. Anyone teaching there will also be willing to sell you training.
Cigital, Security University, and Aspect Security also offer online courses. Maybe SANS too - don't know off the top of my head.
Links:
http://www.cigital.com/services/training/
http://www.securityuniversity.net/
http://www.sans.org/security-training/courses.php
http://www.aspectsecurity.com/training.html
http://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-categories-appsec.html
Check out Tanya Baccam with SANS. I took one of her courses and she was solid.
http://www.sans.org/security-training/instructors.php#Baccam